CVE-2008-1154
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The Disaster Recovery Framework (DRF) master server in Cisco Unified Communications products, including Unified Communications Manager (CUCM) 5.x and 6.x, Unified Presence 1.x and 6.x, Emergency Responder 2.x, and Mobility Manager 2.x, does not require authentication for requests received from the network, which allows remote attackers to execute arbitrary code via unspecified vectors.
El Disaster Recovery Framework (DRF) Master Server en productos Cisco Unified Communications, incluyendo Unified Communications Manager (CUCM) 5.x y 6.x, Unified Presence 1.x y 6.x, Emergency Responder 2.x, y Mobility Manager 2.x, no requiere autenticación para las peticiones recibidas desde la red, lo que permite a atacantes remotos ejecutar código arbitrario a través de vectores no especificados.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2008-03-05 CVE Reserved
- 2008-04-04 CVE Published
- 2024-08-07 CVE Updated
- 2024-09-06 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-287: Improper Authentication
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| http://secunia.com/advisories/29670 | Third Party Advisory | |
| http://securitytracker.com/id?1019768 | Vdb Entry | |
| http://www.securityfocus.com/bid/28591 | Vdb Entry | |
| http://www.vupen.com/english/advisories/2008/1093 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/41632 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.cisco.com/en/US/products/products_security_advisory09186a008096fd9a.shtml | 2017-08-08 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cisco Search vendor "Cisco" | Emergency Responder Search vendor "Cisco" for product "Emergency Responder" | 2.0 Search vendor "Cisco" for product "Emergency Responder" and version "2.0" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Mobility Manager Search vendor "Cisco" for product "Mobility Manager" | 2.0 Search vendor "Cisco" for product "Mobility Manager" and version "2.0" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Communications Manager Search vendor "Cisco" for product "Unified Communications Manager" | 5.0 Search vendor "Cisco" for product "Unified Communications Manager" and version "5.0" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Communications Manager Search vendor "Cisco" for product "Unified Communications Manager" | 5.1 Search vendor "Cisco" for product "Unified Communications Manager" and version "5.1" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Communications Manager Search vendor "Cisco" for product "Unified Communications Manager" | 6.0 Search vendor "Cisco" for product "Unified Communications Manager" and version "6.0" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Communications Manager Search vendor "Cisco" for product "Unified Communications Manager" | 6.1 Search vendor "Cisco" for product "Unified Communications Manager" and version "6.1" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Presence Search vendor "Cisco" for product "Unified Presence" | 1.0 Search vendor "Cisco" for product "Unified Presence" and version "1.0" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Presence Search vendor "Cisco" for product "Unified Presence" | 6.0 Search vendor "Cisco" for product "Unified Presence" and version "6.0" | - |
Affected
| ||||||